🟢 CVE-2020-11023

CVE-2020-11023 is a cross-site scripting (XSS) vulnerability in jQuery that allows execution of untrusted JavaScript code in victims' browsers when processing malicious HTML with

Risk Level: LOW_RISK

CVSS Score: 6.9

Attack Vector: NETWORK

ATT&CK Tactic: Execution

ATT&CK Technique: T1203 — Exploitation for Client Execution

Deployment Risk: VERY_HIGH

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2020-04-29

Added to CISA KEV: 2025-01-23 (1730 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2020-11023 is a medium-severity DOM-based Cross-Site Scripting (XSS) vulnerability affecting the jQuery JavaScript library [1] [3].

Overview and Impact
  • Vulnerability Type: DOM-based Cross-Site Scripting (XSS) [3].
  • Impact: Successful exploitation allows an attacker to inject and execute arbitrary malicious scripts within the context of the victim's browser session on the affected website [4]. This can lead to session hijacking, unauthorized actions on behalf of the user, or data theft [4].
Exploitation Details
  • Method: The vulnerability exists in jQuery’s `htmlPrefilter` function. When HTML containing `
  • Requirements: Exploitation typically requires an attacker to trick a user into interacting with a malicious link or to inject a payload into a part of a web application that processes user input via the vulnerable jQuery methods [3].
  • PoC Availability: Proof-of-concept (PoC) code and examples are available in public repositories, demonstrating how the vulnerability can be triggered [5].
Active Exploitation and Threat Landscape
  • Active Exploitation: The vulnerability was confirmed to be under active exploitation in the wild, leading the Cybersecurity and Infrastructure Security Agency (CISA) to add it to its Known Exploited Vulnerabilities (KEV) catalog in early 2025 [2] [6].
  • Targeted Attacks/Ransomware: While it is a known exploited vulnerability, it is primarily categorized as an XSS vector used for web-based attacks rather than a direct component of ransomware encryption chains. However, XSS is frequently used in initial access phases to steal credentials or session tokens, which can facilitate broader, more targeted campaigns.
Affected Versions and Mitigation
  • Affected Versions: jQuery versions greater than or equal to 1.0.3 and before 3.5.0 are affected [1].
  • Patch Status: The issue was resolved in jQuery version 3.5.0 [1]. Organizations using older versions are strongly advised to upgrade to a patched version to mitigate the risk [2].

Sources

  1. NVD - CVE-2020-11023

    CVE-2020-11023 Detail Description In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing

  2. CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List

    CISA flags CVE-2020-11023, a five-year-old jQuery XSS flaw, for active exploitation. Patch by Feb 13, 2025. ... The medium-severity vulnerability is CVE-2020-11023 (CVSS score: 6.1/6.9), a nearly five-year-old cross-site scripting (XSS) bug that could be exploited to achieve arbitrary code execution…

  3. CVE-2020-11023 Vulnerability: Analysis, Detection, Removal

    An attacker typically exploits CVE-2020-11023 by tricking a user into clicking a malicious link or by injecting the payload into a part of the ... CVE-2020-11023 is a DOM-based cross-site scripting (XSS) vulnerability in jQuery's htmlPrefilter function. In plain English, the function, which is suppo…

  4. JQuery CVE-2020-11023: Cross-Site Scripting (XSS) Vulnerability

    Exploiting CVE-2020-11023 can have several serious impacts: Cross-Site Scripting (XSS): The primary impact is the potential for XSS attacks, where an attacker can inject and execute malicious scripts in the context of the affected website. To exploit CVE-2020-11023, an attacker needs to identify a we…

  5. GitHub - 0xAJ2K/CVE-2020-11022-CVE-2020-11023: Little thing put ...

    CVE-2020-11022 CVE-2020-11023 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in…

  6. Patching — Latest News, Reports & Analysis

    Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The medium-severity vulnerability is CVE-2020-11023…